Everything to know about the Ransomware attack on Kaseya, a software company
A ransomware attack hit Kaseya, a software company, this Friday. It was a massive cyberattack that affected companies and individuals across 17 countries.
The IT firm Kaseya is a Miami-based company in the United States. It provides technology services to thousands of companies and organizations across the world, including a railway system, a pharmacy chain, a grocery chain, a public broadcaster, and schools. This ransomware attack on Kaseya is one of the biggest IT disruptions ever.
All victims of this attack had one thing in common: they ran network management and remote control software made by Kaseya, a technology company established in the U.S. The software handles remote management of a company’s network and devices, and it is developed specifically for managed service providers.
Further, hackers linked with the Russia-linked REvil group may have used a completely new security vulnerability to send ransomware to Kaseya’s customers. Many other companies that became victims of this attack were not aware that they were being monitored by Kaseya’s software.
Kaseya asked all their customers to immediately shut down every single server including cloud-based services.
According to a senior security official from Huntress Labs (a threat detection firm), more than 30 managed service providers were hit, which made it easier for the ransomware to spread to over a thousand businesses. Huntress Labs was also among those that revealed the cyberattack. According to the security firm ESET, the victims are from 17 countries, including the U.K., South Africa, Canada, New Zealand, Kenya, and Indonesia.
Taken together, it is now clear that this is one of the biggest ransomware attacks in history.
Dutch researchers were aware of the vulnerabilities in Kaseya’s software
According to the Dutch researchers, they were already aware of the vulnerabilities in Kaseya’s software, which they found during their investigation. They classified all these bugs as zero-day vulnerabilities. A zero-day is a flaw for which no fix exists yet, so the vendor has had zero days to patch it before it can be attacked. When the researchers noticed the bugs in the software, they made Kaseya aware of them, but before the bugs could be fixed, the cybercriminals launched the ransomware attack. This information was provided to the group head of the Dutch researchers.
Kaseya’s chief executive, Fred Voccola, told The Wall Street Journal that the company’s corporate systems were safe from the attack.
The company announced that all affected servers will stay shut down until the security patch is ready. It also said that the required patches can be expected by late Monday.
About the hackers behind the cyberattack on Kaseya
Hackers are suspected to be behind the mass IT attack affecting thousands of technology companies around the world. According to a dark web site, they demanded a ransom of $70 million to make things work again.
They posted the ransom demand for restoring the hacked data on a blog or website run by the REvil cybercriminals. This gang is linked with a Russian group. The Russia-based group of cybercriminals is well known around the world for its unethical hacking.
The attackers use a particular method to mask their identity, which makes it challenging to identify the individuals involved on the hackers’ side. But a cybersecurity firm called Recorded Future said that REvil’s core leadership is “almost certainly” responsible for the message.
Moreover, an official from Kaseya said that they did not respond to the messages sent by the gang seeking further comment.
CISA-FBI guidance for customers affected by the ransomware attack on Kaseya
CISA and the FBI are actively monitoring the ransomware attack on Kaseya and providing preventive security measures for the victims. These two government bodies have issued the following guidelines for the concerned customers:
- Install the Kaseya VSA Detection Tool. The company provides this tool to analyze a system, such as a VSA server or a managed endpoint, for threats and signs of compromise.
- Activate multi-factor authentication (MFA) for all accounts related to the company.
- Use an allowlist to restrict communication to a limited set of individuals and to known IP addresses.
- Employ a firewall on your administrative network.
Further, CISA and the FBI want all managed service providers to use the best cybersecurity practices. The following security practices are only for customers of managed service providers whose RMM (remote monitoring and management) is no longer running as a result of the Kaseya attack.
Important recommendations from CISA and the FBI for MSP customers are:
- Make sure you store all your backups in a location from which you can retrieve the data easily and which is kept separate from the organizational network.
- When any new security patches are available, install them without delay.
- Use multi-factor authentication for all your accounts.
- For the latest guidelines from Kaseya, visit its Important Notice.
Conclusion
That is all you need to know about the biggest cyber attack in history.